Daidai

The issue is resolved in 17.0.16.0, thank you ESET.

https://help.eset.com/eis/17/en-US/idh_dialog_epfw_rule_create_general.html

As shown in the screen capture, there is nothing that can be selected in the dropdown box next to Service. Does anyone experiencing the same issue using English as the user interface? Hopefully, this is just another localization bug.

Surely it is a genuine version. Could someone please verify using LiveTCPUDPWatch whether this is normal?

Something could be hacking or exploiting your system, and Eset HIPS is defending which creates a lot of log entries.

As you can see, remote port 137, 445, 1900, 3702, 5353,5355, 62078 are used. Is it normal?

Thanks.

Under Windows Security->App & browser control->Exploit protection->Program Settings there is 1 ekrn.exe system overide. Upon edit, I see Validate handle usage Raises an exception on any invalid handle references is checked. Is this overide made by ESET intentionally?

This happens even no device is connected to the router, so it is not related to ESET firewall.

Thanks, I will try and see.

I forgot to ask, how come the attacker's address is 0.0.0.0 ? Please help, I don't want my network got breached again.

Sorry for the confusion, 1. is doing a TCP SYN flood at random ports. 2. 0.0.0.0 is doing a fraggle attack to destination 255.255.255.255 at port 68. (I just type what the router tells) 3. I did reset the router, changed default adminstration login password. I am confident it is a strong password.

No! please don't type the numbers, please use the picture I provided, I don't want to alert that IP owner and attack my router more! My router says is doing a TCP SYN flood hundreds of time per day! 0.0.0.0 is performing a fraggle attack to destination 255.255.255.255 at port 68.

My router has been hammering by an IP 0.0.0.0 and . Is there a way to escape from them, or find out who is behind this 0.0.0.0 ? Thanks in advance.

They are finally available. But the "Number of users" is still yellow, can someone confirm on this?

I once have my router breached, then my laptop connected to it (even equiped with ESET firewall) was also breached. No idea how the intruder managed to do this.

I made a poor presentation, the reputation is green. But the "Number of users" is red and "Time of Discovery" is still unavailable.

Thank you everyone. I have a new question, any reply is welcome.

Thanks, I will wait and see.

It is me again. EDGE and Firefox have automatically update itself today. Popups of ESET appeared asking for approval to allow them to access network. But upon investigation, I found they have a reputation of red and ESET is unable to recognize them. Did someone get them hijacked or modified? Please help again.

I have set a rule to block any traffic going to/from 8.8.8.8 at the top of ESET firewall table, so it is unlikely my machine is infected. According to eveyone in this thread, I can only assume ekrn is using 8.8.8.8 sometimes.

@Enrico I have tried disableing the spam filter, sorry to say it remains the same. @Marcos The 8.8.8.8:53 connection at ekrn happens occasionally and randomly, it can appears at startup, after browsing the Internet, or when I am doing nothing. @itman I am sure to tell you this is not related to the Great Firewall. Under the 'One country two systems' policy, Hong Kong can use Google DNS servers. I am starting to think is it possible that it is because I have disabled some default firewall rules? But I have leaved the "outbound DNS request" enabled.

@Macros I checked the spam/junk folder, nothing was sent in. @itman I have added the two rules you mentioned, the same. @Enrico I will try that and keep an eye on ekrn. By the way, I have changed the router, so it is unlikely this is caused by the old router.

The 8.8.8.8 ekrn connection even happens before I start anything. (I open ESET GUI right after Windows desktop appears) Could someone tell me why can't I reveive response from ESET support? Not even the notification email.

No, just 192.168.1.1 The 8.8.8.8 ekrn connection does not always happen.